locked
Encryption and decryption in ightswitch with C# RRS feed

  • Question

  • Hi,

    How is it possible to use Rijndael, RSA,3DES, AES, SHA,MD5 cryptology in LightSwitch with C#

    Sunday, March 4, 2012 1:20 PM

Answers

  • Yes it is.

    Please explore this namespace System.Security.Cryptography which belongs to mscorlib.dll

    • Edited by ninoid Sunday, March 4, 2012 3:33 PM
    • Proposed as answer by ninoid Thursday, March 8, 2012 6:44 AM
    • Marked as answer by Otomii Lu Wednesday, March 28, 2012 5:33 AM
    Sunday, March 4, 2012 3:33 PM

All replies

  • Yes it is.

    Please explore this namespace System.Security.Cryptography which belongs to mscorlib.dll

    • Edited by ninoid Sunday, March 4, 2012 3:33 PM
    • Proposed as answer by ninoid Thursday, March 8, 2012 6:44 AM
    • Marked as answer by Otomii Lu Wednesday, March 28, 2012 5:33 AM
    Sunday, March 4, 2012 3:33 PM
  • Hi Ninoid,

    Thank you very much for your  help. I will try .

    Sunday, March 4, 2012 8:56 PM
  • Hi,
    I am using lightswitch for our intranet site. I am using MSSQL 2008 database and visual studio 2012.

    Can you suggest me a how to create a field where I shall enter an sensitive information which will be stored in the database encrypted.Later on I should be able to retrieve the data from the field, decrypt it and show on the screen.

    I can use the Cryptography function inside applicationDataServices class but cannot use it inside any file located inside Client folder. How to add a reference so that i can use Rijndael from any of the file inside the client folder.

    -Thanks
    Musfiq

    Tuesday, February 12, 2013 6:46 PM
  • Silverlight (what you use client side) supports also a lot of cryptographic primitives.

    http://msdn.microsoft.com/en-us/library/system.security.cryptography(v=vs.95).aspx

    But.. I'm wondering why you want to encrypt specific fields in your db and what exactly you want to accomplish.

    Encryption (and security in general) depends on how secure you can store keys, in the same way as "identity" (e.g. log on to your windows machine) depends on how secure your password is.

    If you make sure that the connection to your sql server db is done with windows authentication (in such a way there is no password involved in connection strings) and you can make sure that the password of the user with which the connection to the db is made, is kept very secret (strong password, etc. ...), what is the added value of encrypting specific fields?

    My point is that your custom symmetric (since you referring to Ryndael, I presume you go for symmetric) encryption mechanism will need a key, which you need to share between the endpoints between which you want to secure things, will create a new security dependency of which you have to manage yourself in code. For the db windows auth password, active directory is managing this, but how you keep your password safe in your code? How will you distribute your key to the silverlight client? Compile it in your source code? 

    LightSwitch uses OData which has on that level no specific message level security, but ... since all traffic can go over https, there is perfect transport level security. Only the more sophisticated WS* WCF services support build-in message level security.

    Do you have a specific design in mind for coping with the above? Would be great if you could share this.


    paul van bladel

    Tuesday, February 12, 2013 7:19 PM